50 pts.
 Configuration problem on 2950 port security sticky behavior
Hi, I am trying to put port security on a port. I want it to shut down if another computer gets plugged into that port. I followed the following steps:

I set these options:
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown

Switch#show port-security interface fastEthernet 0/4
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address : 000b.972c.0ea1
Security Violation Count : 0

It doesn't work. Any idea what I am doing wrong?

ASKED: January 31, 2006  8:38 AM
UPDATED: February 1, 2006  7:28 AM

Answer Wiki:
Have you just tried using the Network Assistant and setting up the port for the MAC address of that specific computer? Sure, you could do it through the IOS command line also. I don't know if the port will turn off, but I think it will be unusable to anyone else, but this is only from limited knowledge of your switch and the IOS. Hope this helps.
Last Wiki Answer Submitted:  January 31, 2006  11:47 am  by  Richl01   0 pts.
All Answer Wiki Contributors:  Richl01   0 pts.


Discuss This Question:


 

You need to make the MAC addresses sticky or they will eventually time out of the mac-address-table. To enable sticky MAC addresses, use the following command in interface configuration:
switchport port-security mac-address sticky

Wayne

 0 pts.
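Added example (not part of the thread and not Cisco code): a Python check that parses the show port-security interface output quoted in the question and reports where it differs from the behaviour asked for, including secure addresses that were learned dynamically instead of being sticky or configured. The function names are hypothetical; the sample text is the output posted in the question.

```python
import re

# Output quoted in the question above (FastEthernet 0/4).
SAMPLE = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address : 000b.972c.0ea1
Security Violation Count : 0
"""

# "Key : Value" with any amount of padding around the separating colon.
LINE = re.compile(r"^\s*(.+?)\s+:\s+(.*\S)\s*$")

def parse_port_security(text):
    """Return the show output as a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def audit(text):
    """List the settings that do not match 'one known MAC, shut down on violation'."""
    f = parse_port_security(text)
    count = lambda key: int(f.get(key, "0"))
    findings = []
    if f.get("port security") != "Enabled":
        findings.append("port security not enabled")
    if f.get("violation mode") != "Shutdown":
        findings.append("violation mode is not shutdown")
    if count("maximum mac addresses") != 1:
        findings.append("maximum is not 1")
    # Anything in the total that is neither configured nor sticky was learned dynamically.
    dynamic = (count("total mac addresses") - count("configured mac addresses")
               - count("sticky mac addresses"))
    if dynamic > 0:
        findings.append(f"{dynamic} address(es) learned dynamically, not sticky")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
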

 

In addition to making the MAC addresses sticky, make sure that you are not automatically re-enabling the interface when a violation occurs. You can check this in enabled mode by typing:
show errdisable recovery.
Make sure Psecure-Violation is not enabled.

If you need to change it, type the following in global configuration:
(no) errdisable recovery cause psecure-violation

Wayne

 0 pts.

 

Dear All,
Thanks for your prompt response. I tried it with another port and found it working with the following configuration:
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
no errdisable recovery cause psecure-violation
errdisable recovery interval 30

Great thanks to Sonyfreek.

 50 pts.